Assigning repository permissions

Use the BMC Atrium Orchestrator Repository Manager Manage Permissions tab to manage permissions. Before getting started, review the permissions overview in Managing permissions.

Note

The tab uses the term "group." Group names must align with your authentication entity as follows:

  • Role in Remedy Single Sign-On (Remedy SSO or RSSO). Group names this tab must align with your Remedy SSO role names.
  • Group in LDAP. Group names in this tab must align with your LDAP group names.
  • Group in Atrium Single Sign-On (ASSO). Group names in this tab must align with your ASSO group names.

    Important

    BMC Atrium Single Sign-On is not supported for use with BMC Atrium Orchestrator Platform 7.9.01 and later versions. 

This documentation uses "role" to represent role/group in the authentication system.

This topic provides the following information:

Repository permissions overview

In the Repository Manager Manage Permissions tab you can

  • Create groups.
  • Assign group access for content management, creation, transfer, and access.

The repository permissions determine the actions available for users assigned to the corresponding roles/groups, such as:

  • Import content using Grid Manager
  • Upload and download content in BMC Atrium Orchestrator Development Studio
  • Upload content to the grid by using the content installation program
  • Upload content to the grid by using Repository Manager

The first five entries in the Permissions-to-Groups column designate the repository permissions. The remaining entries designate the content, which includes adapters and modules. You can resize columns to more easily see long names that wrap in narrow columns.

Note

If a user is a member of more than one group, the user is granted the most permissive permissions. If a user is not assigned to any group, that user is automatically a member of the Default group and is granted the default permissions.

Default repository permissions

The following table describes the default permissions available in Repository Manager.

Repository permission

Permission

Description

Manage Permissions

View

Users assigned to the role can see the Manage Permissions tab.

Update

Users assigned to the role can update role permissions.

Manage Content

View

Users assigned to the role can see the Manage Content tab.

Update

Users assigned to the role can upload, download, and delete content and content versions to and from the repository.

Transfer Content

View

Users assigned to the role can see the Transfer Content tab. You can view content in the other repository only if you have access permissions to that repository. The permissions that you have for your current repository apply only to your current repository and do not grant access to the other repository.

Update

Users assigned to the role can connect to another repository and transfer content between repositories. You can update content in the other repository only if you have access permissions to that repository. The permissions that you have for your current repository apply only to your current repository and do not grant access to the other repository.

Create New Content

Update

Users assigned to the role can upload new content from BMC Atrium Orchestrator Development Studio into the repository.

Access New Content

View

Users assigned to the role can view all content added to the repository in the future.

Update

Users assigned to the role can update all content added to the repository in the future.

The following table provides examples of how permission assignments control repository and content access.

Permission assignmentsAccess

View and Update permission for all repository permissions (full access)

  • Manage Content, Transfer Content, and Manage Permissions tabs are visible.
  • Delete, Upload, Download, Export, Import, Add Group, and Copy Group buttons are enabled.
No View, no Update permissions for Manage Content
  • Manage Content tab is not visible (therefore Delete, Upload, and Download buttons are not available).
View permission (not Update permission) for Manage Content
  • Manage Content tab is visible.
  • Delete, Upload, and Download buttons are disabled.

View and Update permission for Access New Content

No Update permission for Create New Content

  • Manage Content tab is visible.
  • Delete and Download buttons are enabled.
  • Upload button is disabled.
View permission (not Update permission) for Transfer Content
  • Transfer Content tab is visible
  • is enabled, allowing a module to be exported to an external repository.
  • is disabled, preventing a module from being imported into the current repository.
View permission (not Update permission) for Manage Permissions
  • Manage Permissions tab is visible.
  • Add Role and Copy Role buttons are disabled.
  • Cannot edit roles.

To create a group

Each group that you create must have a matching role (in Remedy SSO) or group (in LDAP or ASSO) of the same name.

  1. In the BMC Atrium Orchestrator Repository Manager application, select the Manage Permissions tab.
  2. Click Add Group, and then enter a unique name for the group.

    Note

    The group name must be unique within BMC Atrium Orchestrator.

  3. Click Save.

The specified group name appears as a new column.

To add repository and content permissions to a group or edit them 

  1. In the Manage Permissions tab, select the group name.
    You cannot edit the AoAdmin group.

  2. On the Update Group permissions page, perform any of the following actions:
    • To assign all view permissions to a group, select the check box in the View column header.
    • To assign all update permissions to a group, select the check box in the Update column header.
      If you select Update, then View is also selected and is disabled. To edit the view permissions, you must clear the Update permissions.
    • To assign individual view and update permissions to a group, select the corresponding check box in the View and Update columns.
      If you select Update, then View is also selected and is disabled. To edit the view permission, you must clear the Update permission.
    • To remove all view permissions to a group, clear the check box in the View column header.
    • To remove all update permissions to a group, clear the check box in the Update column header.
    • To remove a permission from a group, clear the corresponding check box.
  3. Click Save to save the permission assignments.

Tips

Click the Reset button to undo your changes.

To copy permissions from one group to another

  1. In the Manage Permissions tab, click Copy Group.
  2. In Copy From Existing Group, select the group from which you want to copy permissions, and then in Copy To Group Name enter the group name (an existing group or a new group) where you want the permissions to be copied.
    You cannot copy any group to the AoAdmin group; in other words, you cannot overwrite the AoAdmin group.
  3. Click Save.

  4. If you are copying permissions to an existing group, the Copy Group Permissions prompt asks for confirmation to overwrite the existing values for a group. Click Yes to overwrite the existing permissions.

To delete a group

  1. From the Manage Permissions tab, click the name of the group that you want to delete.
    You cannot delete the AoAdmin group.
  2. Click Delete and confirm.

Related topics

Managing permissions

Assigning grid permissions

Creating and managing local users and roles in Remedy Single Sign-On

Creating user accounts and assigning user accounts to groups in BMC Atrium Single Sign-On